Nissan Leaf Maybe At Threat Because of Vulnerable APIs

Security researchers show how an attacker can access Nissan Leaf electric car by exploiting vulnerability in APIs

By using the Application Program Interface or the list of protocols to be kept in mind while building a new software, by the car manufacturing giant Nissan, some security researchers have detected vulnerabilities in the mobile management APIs for the Nissan Leaf electric car.

These APIs allow any person with the knowledge of the VIN of a car to get access to features like climate regulation and battery charge management from anywhere across the World Wide Web. And VINs are something that is clearly visible to the entire world through the gar’s windshield.

[q]Attackers can access the Nissan Leaf via insecure APIs[/q]

One of the security researcherswrote in his blog postarticulating that his main concern was with the “telematics system in the car” that is leaking the “historical driving data”.

[fullsquaread][/fullsquaread]

He continues to write that:

“That’s the details of every trip I’ve ever made in the car, including when I made it, how far I drove and even how efficiently I drove. This could easily be used to build up a profile of my driving habits, considering it goes back almost 2 years and predict when I will be away from home. This kind of data should be collected and secured with the utmost respect for my privacy.”

Using an embedded video, the two researchers, Scott Helme and Troy Hunt, described that the discovery was made by another person who attended a workshop along with them. And After his discovery, Hunt demonstrated that he was able to access Helme’s Nissan Leaf, sitting in England, ten thousand miles away from Australia.

The person who worked with them in the workshop went back to his hotel room the day he discovered that such access was possible and proxied his iPhone via the computer since the APIs that are used to access the Nissan Leaf cars work on bothAndroidandiOS platforms.

While Hunt maintained that this would not necessarily turn out to be a life-threatening situation, hackers could, however, use thisNissanConnect appto gain control over some features of Nissan’s electric car and mess around with some features.

Nissan acknowledgedthe fact that they were aware of such an issue and also mentioned that it doesn’t have any effect on the car’s safety, perhaps to stop customers from panicking. They said that they were looking into the issue and were ensuring to deliver “the best possible experience” for their customers.

Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master degree and actively writes about crybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of SpyAdvice.com, too, a site dedicated to educating people on online privacy and spying.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy.